Re: [PATCH 02/11] PCI: Lock down BAR access in secure boot environments

On Tue 2012-09-04 11:55:08, Matthew Garrett wrote: > Any hardware that can potentially generate DMA has to be locked down from > userspace in order to avoid it being possible for an attacker to cause > arbitrary kernel behaviour. Default to paranoid - in future we can > potentially relax this for

Re: [PATCH 02/11] PCI: Lock down BAR access in secure boot environments

On Tue 2012-09-04 11:55:08, Matthew Garrett wrote: Any hardware that can potentially generate DMA has to be locked down from userspace in order to avoid it being possible for an attacker to cause arbitrary kernel behaviour. Default to paranoid - in future we can potentially relax this for

[PATCH 02/11] PCI: Lock down BAR access in secure boot environments

Any hardware that can potentially generate DMA has to be locked down from userspace in order to avoid it being possible for an attacker to cause arbitrary kernel behaviour. Default to paranoid - in future we can potentially relax this for sufficiently IOMMU-isolated devices. Signed-off-by:

[PATCH 02/11] PCI: Lock down BAR access in secure boot environments

Any hardware that can potentially generate DMA has to be locked down from userspace in order to avoid it being possible for an attacker to cause arbitrary kernel behaviour. Default to paranoid - in future we can potentially relax this for sufficiently IOMMU-isolated devices. Signed-off-by: